Page 5 of 1155 results (0.011 seconds)

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

24 Jan 2025 — Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. • https://github.com/lmfit/asteval/blob/cfb57f0beebe0dc0520a1fbabc35e66060c7ea71/asteval/asteval.py#L507 • CWE-134: Use of Externally-Controlled Format String CWE-749: Exposed Dangerous Method or Function •

CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0

11 Dec 2024 — An app may be able to break out of its sandbox. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://support.apple.com/en-us/121837 •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

11 Dec 2024 — MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. • https://packetstorm.news/files/id/188787 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 1

11 Dec 2024 — An app may be able to break out of its sandbox. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://github.com/wh1te4ever/CVE-2024-54498-PoC •

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

11 Dec 2024 — Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. • https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0

09 Dec 2024 — Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. ... The maintainers of Winter CMS have significantly increased the scope of the sandbox, effectively making all models and datasources read-only in Twig, in v... • https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22 • CWE-184: Incomplete List of Disallowed Inputs •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

04 Dec 2024 — In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox En JetBrains YouTrack antes de 2024.3.51866, la toma de control del sistema era posible a través del path traversal en el entorno protegido del complemento • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal

CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0

29 Nov 2024 — An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users' fil... • https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-4chj-3c28-gvmp • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

12 Nov 2024 — Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html •

CVSS: 2.2EPSS: 0%CPEs: 2EXPL: 0

06 Nov 2024 — In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). ... Fabien Potencier discovered that Twig did not run sandbox security checks in some circumstances. ... Jamie Schouten discovered that Twig could bypass the security policy for an object call. • https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73 • CWE-668: Exposure of Resource to Wrong Sphere •